If you've been watching tech news headlines over the past week, you've likely heard that Android malware is growing at an alarming rate, up something like 472% from May of this year. Should you be worried and run off to purchase and install an antivirus package for your Android phone? Not so fast, there's just as much controversy over those utilities as there is over the malware itself.

Yes, Malware for Android Is Real, and It's Growing

The one thing that can't be refuted is that the amount of malware for the Android platform has skyrocketed. After all, it's only natural for malware authors to target one of the most popular and fastest growing mobile platforms. Juniper's Global Threat Center, the group that created the report and this infographic that's been raising eyebrows, points out that the flood of Android malware can be broken in to two categories.

SMS Trojans. SMS Trojans operate in the background of normal applications, sending SMS messages to premium rate numbers, or numbers that charge you each time an SMS is sent to them. The same way you can send an text message to vote for an outcome on a television show (and conveniently pay the show a fee for sending that message), these trojans send messages to numbers—often international—owned by the attacker. In fact, you don't even notice the unusual behavior until you review your cell phone bill, or check your account to see if there's been recent SMS activity. Of course, by the time you see it, the messages have already been sent, and your account has already been billed. SMS trojans account for just less than half of all Android malware.

Spyware. The lion's share of Android malware is actually spyware. Just more than half are applications that have deep access and permissions to your system, or which exploit vulnerabilities in Android to gain root access to the device, collect information about the device and the user, and then send it back to the app's developer. Many of those applications masquerade as legitimate ones, like a recent app that looked so much like the official Netflix app that it was hard to tell the difference.

Juniper isn't the only security research firm that's highlighted the threat. A new report from McAfee, highlighted over at Neowin, says the same thing. Both research firms say that the bulk of the malware is being written by the same authors who were responsible for similar attacks against old Windows Mobile and Symbian devices years ago. In essence, it's not that Android has suddenly drawn in a new generation of malcontents, but that the older, more vulnerable platforms aren't as interesting anymore, and Android's meteoric rise and open architecture make it an attractive target.

No, Mobile Anti-Malware Utilities for Android are Not Perfect, or Even the Same Protection You Get on the Desktop

To combat the mobile malware threat, a number of security firms have released their own utilities designed to keep you safe. Researchers will tell you that you need some kind of protection to keep your phone and the data on it safe and secure. That may be true, but not everyone is taking research firms like Symantec, McAfee, and Juniper at their word. Google's Chief Evangelist, Chris DiBona, called out researchers for being charlatans and scammers and accused them of peddling "scareware." Admittedly, DiBona isn't exactly an impartial observer, but there may be something to his concerns.

Advertisement

Unfortunately, even though most mobile security tools do offer valuable features like data backup, remote wipe, remote lock, and GPS tracking, DiBona notes that even though there's been a rise in malware for the Android platform, there has yet to be an open and spreading infection among Android devices like we've seen on desktop computers. Part of the issue is that there's no simple transmission method between mobile devices in the wild. Despite DiBona's concerns, security researchers say that mobile devices are essentially handheld computers, and that they carry a great deal of information about us that identity thieves would consider valuable.

Even so, security products available for Android don't offer the same level of protection that desktop security tools offer. There's no active scanning of files or applications that enter memory, or regular checking of applications that are downloaded and installed. update: a few of you have noted that some apps, like Lookout and ESET for Android, do offer real-time scanning, thanks! You can't just install a mobile security suite on your Android phone and assume you'll be safe regardless of what you do. Until security tools mature, the real weapon you have against Android malware is common sense. Don't install applications from unusual or suspicious sources and only install apps from the Android market or other trusted markets. Make sure to evaluate the permissions required by the apps you install before you install them or allow them to auto-update. Keep a close watch on your SMS and data activity even in between billing cycles, and raise any issues to your carrier as soon as you see them.

The Verdict

Well, the question we started with was: Do Android antivirus apps actually do anything? The simple answer is yes. They can be helpful, even if they're not bulletproof or even as protective as their desktop counterparts are. There's a ton of Android malware out there, but the upside to the whole affair is that it's not terribly easy to get, if you use your phone normally. Also, even if the malware threat to Android is a bit overinflated right now, security companies that are eager to sell you an antivirus package or app for your mobile device are at least providing a partially useful service.

Advertisement

Even if their apps aren't ready for prime time to combat malware in the wild, they do give you other useful tools , like remote tracking or data wipe if your phone has been lost or stolen, backup for all of your files and data, and more. At the same time, some apps have those same features for free. If you've installed Norton Mobile Security or McAfee Wavesecure, there's no need to uninstall it and ask for your money back. The utilities will only get better with time. Still, keep in mind that no mobile security app is a replacement for common sense.